Azure Storage Account Permissions: Assigning Azure AD Roles

Assigning Azure Storage Account Permissions Using Azure AD Roles

Question

Creating an Azure Storage account does not automatically assign you the permissions to access data using Azure AD.

An Azure role needs to be explicitly assigned to yourself for Azure Storage.

At which of the following levels can you assign it?

Answers

Explanations


A. B. C. D. E.

Correct Answer: E

You can assign the Azure role to yourself at the level of your subscription, storage account, resource group, or container.

Option A is incorrect.

An Azure role can be assigned at any level which includes your subscription, storage account, resource group, or container.

Option B is incorrect.

It is not true that you can assign an Azure role only at the resource group level; you can assign it at any of the subscription, storage account, resource group, or container levels.

Option C is incorrect.

It is not true that you can assign an Azure role only at the storage account level; you can assign it at any of the subscription, storage account, resource group, or container levels.

Option D is incorrect.

An Azure role can be assigned at any level, which includes your subscription, storage account, resource group, or container.

Option E is correct.

An Azure role can be assigned at any level, which includes your subscription, storage account, resource group, or container.


The correct answer is E. Any of the above.

To access data stored in an Azure Storage account using Azure AD, you need to have an Azure role assigned to you. An Azure role is a collection of permissions that allow you to perform specific actions on Azure resources.

You can assign an Azure role at different levels in the Azure hierarchy, including subscription, resource group, storage account, and container. The level at which you assign the role determines the scope of the permissions granted.

Here is an explanation of each level:

  • Subscription: The subscription is the top-level container for Azure resources. Assigning a role at the subscription level grants the assigned permissions to all resources in the subscription.

  • Resource Group: A resource group is a logical container for resources that share the same lifecycle, permissions, and policies. Assigning a role at the resource group level grants the assigned permissions to all resources in the resource group.

  • Storage Account: A storage account is a logical container for data objects, such as blobs, files, queues, and tables. Assigning a role at the storage account level grants the assigned permissions to all containers and blobs in the storage account.

  • Container: A container is a logical container for blobs within a storage account. Assigning a role at the container level grants the assigned permissions to all blobs within the container.

In summary, to access data stored in an Azure Storage account using Azure AD, you need to assign an Azure role to yourself. You can assign the role at any of the above levels, depending on the scope of the permissions you require.
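
The four scope levels described above, as an added example that is not part of the original page: a shell sketch that builds the Azure Resource Manager scope string for each level, prints the matching `az role assignment create` command without running it, and checks whether an assignment at that scope is inherited by a given container. The subscription ID, resource names, assignee and the choice of the built-in Storage Blob Data Reader role are constructed placeholders and assumptions.

```shell
#!/bin/sh
# Added example. All identifiers below are constructed placeholders.
SUB="00000000-0000-0000-0000-000000000000"
RG="example-rg"
ACCOUNT="examplestorageacct"
CONTAINER="example-container"

# Print the Azure Resource Manager scope string for one of the four levels.
scope_for() {
  case "$1" in
    subscription)    printf '/subscriptions/%s' "$SUB" ;;
    resource-group)  printf '%s/resourceGroups/%s' "$(scope_for subscription)" "$RG" ;;
    storage-account) printf '%s/providers/Microsoft.Storage/storageAccounts/%s' \
                       "$(scope_for resource-group)" "$ACCOUNT" ;;
    container)       printf '%s/blobServices/default/containers/%s' \
                       "$(scope_for storage-account)" "$CONTAINER" ;;
    *) echo "unknown level: $1" >&2; return 1 ;;
  esac
}

# Resource IDs are compared case-insensitively, so normalise before matching.
lc() { printf '%s' "$1" | tr '[:upper:]' '[:lower:]'; }

# covers <assignment-scope> <resource-id>: succeeds when the assignment scope
# is the resource itself or one of its ancestors (permissions are inherited
# downwards). The trailing "/" in the pattern stops a sibling whose name merely
# starts with the same characters from matching.
covers() {
  s=$(lc "${1%/}"); r=$(lc "$2")
  [ "$r" = "$s" ] && return 0
  case "$r" in "$s"/*) return 0 ;; esac
  return 1
}

# Print (do not run) the Azure CLI command that assigns a role at a level.
assign_cmd() {
  printf 'az role assignment create --assignee "%s" --role "%s" --scope "%s"\n' \
    "$1" "$2" "$(scope_for "$3")"
}

# Walk the levels from broadest to narrowest for one target container.
target=$(scope_for container)
for level in subscription resource-group storage-account container; do
  assign_cmd "user@example.com" "Storage Blob Data Reader" "$level"
  if covers "$(scope_for "$level")" "$target"; then
    echo "  -> applies to container $CONTAINER"
  fi
done
```

All four assignments reach the target container, but only the container-level one is limited to it; the broader scopes also grant the role on every other resource beneath them, which is why the narrowest scope that meets the need is the least-privilege choice.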